Search: online security

Chinese hackers hijack auth flow, spy on isolated network for a decade

…Sygnia recommends that defenders treat authentication components such as PAM, OpenSSH, and Windows LSASS as critical security assets and protect them with EDR, file integrity monitoring, hardened privileged access, multi-factor authentication…

Jun 13, 2026 · Bill Toulas

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

…According to the same platform, the website security firm has blocked over 7,400 attacks targeting CVE-2026-8181 in the past 24 hours, so the activity is significant. Users of the…

May 14, 2026 · Bill Toulas

Police seize “First VPN” service used in ransomware, data theft attacks

…While they are used legitimately to protect privacy on public WiFi, bypass censorship, reduce tracking, and enable secure remote work, threat actors also rely on them to hide their location and infrastructure…

May 21, 2026 · Bill Toulas

Grafana says stolen GitHub token let hackers steal codebase

…The company "invalidated the compromised credentials and implemented additional security measures" to prevent future unauthorized access. The attacker attempted to extort the company, demanding payment in exchange for not publishing the stolen…

May 18, 2026 · Bill Toulas

Fake OpenAI repository on Hugging Face pushes infostealer malware

…Threat actors have abused Hugging Face in the past to host malicious models , despite the platform's security measures. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting…

May 9, 2026 · Bill Toulas

GM agrees to $12.75M California settlement over sale of drivers’ data

…UK fines water supplier $1.3M for exposing data of 664k customers FCC bans new routers made outside the USA over security risks UK fines LastPass over 2022 data breach impacting 1…

May 11, 2026 · Bill Toulas

Authorities dismantle 'AudiA6' ransomware crypto-laundering service

…Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen. The Picus whitepaper shows how breach and…

Jun 11, 2026 · Bill Toulas

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market

…A website suddenly stops loading, a login page times out, or an online service becomes unreachable at the worst possible moment. Sometimes the cause is not an internal outage, but a Distributed…

May 29, 2026

Over 116,000 Mincraft systems infected in WeedHack malware campaign

…In one case highlighted in the report, the malicious website displays a security notice warning visitors that they should only download ‘Skytils’ from the official site. It is even linking to the…

Jun 2, 2026 · Bill Toulas

Over 116,000 Minecraft systems infected in WeedHack malware campaign